I have no sympathy for him. If the company in question did not hire him specifically to breach their security, then he has committed a crime. I'm not familiar with British law, but I know in the U.S. (though it can vary from state to state) it is illegal to wrongfully access even a private citizen's facebook/email let alone a company's.

To paraphrase the article: A British student has been jailed for eight months for hacking facebook and stealing "invaluable" information from the company and while he stated he only done it to help improve the security of the website, in which he has done similar actions with yahoo who rewarded him for doing so the judge disagreed and sentenced him to jail. Although he did nothing with that information he could have potentially caused "very serious consequences".

I was just curious how you guys thought about this sentence, the hacking of websites in general and the appropriate sentence (if any) should that person be subjected to. Also do you think if more sentences like this or the one proposed were handed out it could deter people from this kind of crime?

I myself am a little conflicted about what to think, on the one hand the information he stole could have done some damage to the company but personally I just don't view this as jail time material. I'm a little disappointed by the lack of transparency but I suppose it can't be helped, I just can't help but think if this wasn't facebook and a smaller company then he wouldn't have been given that kind of sentence.

With that said the people I've spoken to said the sentence wasn't enough and just because he didn't use that information doesn't mean the sentence should be more lenient and should be punished with more jail time, so it will be interesting you get your guys view.

Here's an original idea. Contact said company to let them know about the flaw. If they agree with you, maybe you're up for a bigtime job. If they don't challenge them to prove it. Most of these hackers aren't doing it to "improve security". They're doing it because they can and gives them a kind of thrill to commit a crime that it is unlikely you'll get caught and be punished for.

i can see why he gets jail time for hacking facebook even tough nothing happened and he seems like a decent person but yea he still broke into a site holding alot of value. Personal info about people aswell as being a threat to the security of all people with an account on the site. So yea he could literaly hype up others to try it our end up holding a grudge towards a person our helping someone do something nasty etc by giving out personal info our hijacking accounts and thats some serious dmg that could be done. So giving him a prison sentence shows people there serious about keeping privacy safe and it might discourage others from trying to do the same since 8 months jail is not that much fun.

Are you just choosing to ignore the part where this guy actually stole stuff? Because he did, and the only reason he gave it up was because he got caught - he didn't give it up willingly. "These guys" are clearly not what we're talking about, and you'd do best to lose the snarky attitude and actually read what you're discussing before throwing your e-peen down.

I've been living in the real world for a long time, and as someone whose job directly deals with copyright issues in regards to design professions (architecture, engineering, landscape architecture), I have a lot of experience with the theft of information and intellectual property. I would suggest that it's you who needs to get with those of us on the other side of your 'real world' example - we don't like it when criminals steal our shit.

"invaluable" intellectual property.

Seriously man? What the heck does that even mean? I dont think the "victim" could have been anymore general in what was actually done so im not passing judgement just yet.

Imo, he would have had to take this information to marketing company or somewhere else where they actually pay for it to be what you described.

"the most extensive and flagrant incidence of social media hacking to be brought before British courts"

To those saying they'd hire him - would you really hire him once he'd cost you a ton of money, stolen your property with no intention of returning it, and forced you to catch him before feeding you a story about doing it for your own good? Because I wouldn't want a weasel like that anywhere near my company.

"Frank William Abagnale, Jr. (born April 27, 1948) is an American security consultant known for his history as a former confidence trickster, check forger, impostor, and escape artist. He became notorious in the 1960s for passing $2.5 million worth of meticulously forged checks across 26 countries over the course of five years, beginning when he was 16 years old."

I think there are many cases where security has been increased and fixed because of someone getting past it then being hired to help improve it, even if you serve jail time if you impress the right people with your actions you'll have a job when you get out.

If you wanna hack something to "test their defenses", it's best to get permission from the company to do so first.

Originally Posted by Masark

People in cars cause accidents. Accidents in cars cause people.

Sometimes life gives you lemons, other times life gives you boobies. Life is always better with more boobies.
Blizzard removed my subscription from WoD's features, it'll be added sometime later.
And thus I give you: MALE contraception!

I believe this is pretty much the same as what Anonymous was doing a while back, I remember a pretty good analogy for describing this. A defense company develops a new type of bulletproof vest, the helpful person points out a serious flaw, Anonymous (or the student in this case) just shoots the person wearing it to point out the same flaw.

Apples to oranges. No one's life is being put in jeopardy. While the methods may be questionable, sometimes big companies like this need a kick in the rear to fix it. No one thought the Titanic was sinkable till it hit an iceburg.

"Frank William Abagnale, Jr. (born April 27, 1948) is an American security consultant known for his history as a former confidence trickster, check forger, impostor, and escape artist. He became notorious in the 1960s for passing $2.5 million worth of meticulously forged checks across 26 countries over the course of five years, beginning when he was 16 years old."

I think there are many cases where security has been increased and fixed because of someone getting past it then being hired to help improve it, even if you serve jail time if you impress the right people with your actions you'll have a job when you get out.

See that's not really as valid comparison though - Abagnale was hired by the Federal government after he served prison time - he wasn't hired by those he defrauded. Therefore he was not rewarded for his actions like you are suggesting, he was simply hired based on his skills after he served jail time. As for the private company he runs - it's his company, he wasn't hired by them.

Those circumstances are significantly different than the situation at hand, and as such are not directly comparable at all.

It is dangerous to jail smart people for being smart.
There are smart people employed by China to dig through FBI files. They get there by injecting software (either attachments, or links) to personal email of people working in high-security places, and facebook can be used as well.
This particular smart person did no such thing, he didn't use the facebook flaw to install spy software on government computers and send back information for years.
He hacked a site, and now they should fix the site.

Facebook is saying that instead of fighting technology with technology, and actually safeguarding their site, they will instead use laws. Those laws don't apply to smart people sitting in China and analyzing facebook flaws.

Secondly, people are acting like Facebook isn't going to fix this security flaw and is sending him to jail so they don't have to. Are you serious? I'm sure this was fixed shortly after it was found he had stolen stuff. They may have even fixed the security before he even went before the judge. That's a very naive point of view if you think "Facebook" sent him to jail so they could be lazy.

Thirdly, if you are going to reference someone who did something illegal, got sent to jail, and now works to prevent future illegal activities, at least use the more relevant reference of Kevin Mitnick, rather than Abagnale.

Sorry but ppl cant use the I was doing this to help them defense and get away with breaking laws. If you do things that you are not supposed to or that aren't allowed to be done where you live you get punished for it. The end doesn't justify the means, if they wanted ppl to do security checks they would have them do it. Im sure that the windows of my house can be broken if rocks are tossed through them but Im not going to do it nor am I going to be happy when somebody does and tells me after the fact hey you can easily get inside your home.

Beware of the man who works hard to learn something, learns it, and finds himself no wiser than before... He is full of murderous resentment of people who are ignorant without having come by their ignorance the hard way. -Kurt Vonnegut, "Cat's Cradle"

It is dangerous to jail smart people for being smart.
There are smart people employed by China to dig through FBI files. They get there by injecting software (either attachments, or links) to personal email of people working in high-security places, and facebook can be used as well.
This particular smart person did no such thing, he didn't use the facebook flaw to install spy software on government computers and send back information for years.
He hacked a site, and now they should fix the site.

Facebook is saying that instead of fighting technology with technology, and actually safeguarding their site, they will instead use laws. Those laws don't apply to smart people sitting in China and analyzing facebook flaws.

Putting the guy in jail, makes us all a little less safe.

Hacking a site, without telling them, to "test" their security, without telling them, and stealing information is not smart

Right because they have SO MUCH sway. He did something wrong, was caught and the company pressed charges. Had it been any large database of personal information it wouldn't be any different, it's the scale of the data, not the company.